On Tue, 6 Jun 2000, Victor Ortega wrote:
> On Tue, 6 Jun 2000, Robert G. Brown wrote:
> > Even if you configure ssh to use no encryption and not to verify
> > connections at all (making it "just like" rsh) you still get
> > /etc/environment and port forwarding.
>> I'm glad someone said it. I was going to say it myself otherwise.
>> Although I'll admit I haven't done this, it should be possible to
> configure ssh such that outside connections to the head node are
> encrypted, but connections within the cluster are unencrypted (for the
> sake of those worried about performance degradation within the cluster
> due to ssh). Internal authentication need not be TOTALLY disabled;
> simply set up public and private keys on all the nodes and there'll
> still be a level of security--even some bad guy who brings in a
> computer and attaches it to the internal network will not be able to
> just log into the other nodes without at least having a public key.
I agree, although my measurements (published last week on the list) do
show that the bulk of the "cost" of ssh relative to rsh comes from the
original RSA handshake, not from the encryption. If ssh is build with
--with-none defined, one can call ssh as ssh -c none whereever whatever
to skip crypting the net traffic.
I believe that you are right, though, in that ssh could be set up to do
full RSA authentication on connections to the head node and then do
basically no host authentication and no encryption between nodes on the
private network (in)side. I'll see if I can work out the appropriate
configuration files and/or wrappers and if I can I'll publish them back
to the list and in the book under construction. I should probably do an
rshbench of ssh when RSA host authentication is turned off anyway to see
what fraction of the overhead is associated with reading
/etc/environment and managing any forwarded ports.
I agree with the rest of your note as well. Net snooping has been
responsible for the bulk of the successful cracks into our department
over the last fifteen years or so. It is easiest to maintain just one
of ssh/rsh (and not both) and given this choice, ssh is the obvious one.
rgb
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu